Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Sat, 24 Aug 2002 18:49:24 +0400
From: egor duda <deo AT logos-m DOT ru>
Reply-To: egor duda <cygwin-developers AT cygwin DOT com>
Organization: deo
X-Priority: 3 (Normal)
Message-ID: <57198715948.20020824184924@logos-m.ru>
To: Corinna Vinschen <cygwin-developers AT cygwin DOT com>
Subject: Re: acl_access denies access owned by 'Everyone' group
In-Reply-To: <20020823183821.S26346@cygbert.vinschen.de>
References: <19113724867 DOT 20020823191251 AT logos-m DOT ru>
 <20020823183821 DOT S26346 AT cygbert DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

Friday, 23 August, 2002 Corinna Vinschen vinschen AT redhat DOT com wrote:

CV> On Fri, Aug 23, 2002 at 07:12:51PM +0400, Egor Duda wrote:
>> [...]
>> # owner: 1291
>> # group: 0
>> user::rw-
>> group::r--
>> mask::r--
>> other::---
>> $ grep Everyone /etc/group
>> Everyone:S-1-1-0:0:duda,duda_admin

CV> That shouldn't be necessary at all.  You can even drop Everyone
CV> completely from /etc/group with the current version from CVS.

CV> I don't know if it's clever to set group membership to Everyone
CV> since that's the ACL entry which is evaluated as POSIX "other".
CV> I never tried it (I didn't even have the idea to do that).
CV> Anyway, it's really wrong what you're doing.  Pierre's changes
CV> eliminated the usage of Everyone as a group.  In that light I'd
CV> say, yes, it's a result of Pierre's changes and it's correct.

It may be silly thing to do, but such layout might been created by
native tools, isn't it? Of course, i've removed 'Everyone' group and
have changed permissions and everything works ok. But i suppose there
may be some confusion after new release.

'id' doesn't show 'Everyone' indeed, so, formally, user 'duda' doesn't
have access when we follow standard unix semantics. Here we have a
difference between unix and nt notion of access rights. I know that
it's hard or impossible to map unix semantics to nt 1:1. Is it one of
the cases which better left different?

Egor.            mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19